Volkswagen and Audi, VW’s luxury brand, have been hit by a data breach that exposed the contact information and, in some cases, personal details, like driver license numbers, of customers in the United States and Canada.
More than 3 million customers or shoppers had at least basic contact information stolen from an outside company that worked with the automakers, according VW. That data included phone numbers, email addresses, postal mailing addresses and, in some cases, vehicle identification numbers.
The company has reached out to 90,000 people in the US – mostly Audi customers or shoppers – who had especially sensitive information taken in the breach. In most cases, that included driver’s license numbers and, in a small number of cases, Social Security numbers, VW or Audi account numbers and dates of birth. The company is offering free credit protection to those who had very sensitive information taken.
The breach included data from people who had merely inquired about purchasing an Audi or VW vehicle, according to a statement from Volkswagen USA.
The data, which was stolen from an outside vendor that VW and Audi and some of their dealers use, had been gathered between 2014 and 2019. The information had been collected and saved for marketing purposes, according to VW, and had been left in an unsecured file. VW did not name the vendor.
“We regret any inconvenience this may cause our current or potential customers,” VW USA said in a statement. “As always, we recommend that individuals remain alert for suspicious emails or other communications that might ask them to provide information about themselves or their vehicle.”